Re: [exim] Anti Phishing ACL

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: neil
Data:  
Para: Richard Clayton
CC: exim-users
Asunto: Re: [exim] Anti Phishing ACL
Richard Clayton wrote:
> most anti-spam systems eat them for breakfast
>

We run spamassassin and clam with the Sane sigs. But, it is cheaper to
drop them sooner if they are obvious forgeries.

> this all rather depends whether your users forward bank email from
> somewhere else to you; and indeed whether you believe that the banks
> will tell you when they change email sending architecture...
>

If it breaks forwarding I can over ride with my white list. If the banks
change sending hosts again I can override if dnswl has not caught it first.


> ... I expect people most people let their spam filters deal with
> phishing (and of course their generic anti-spam systems -- such as
> assessing the reputation of the sender and their HELO).
>

We do lots and lots of anti spam checks in exim before it hits SA. This
is just another test.
As I was getting good results I though I would share and ask for feedback.


>> what about these (from my list of recent phishing victims, and there are
>> many more banks and building societies than have been attacked):
>>
>>     Bank of Scotland (UK)
>>     Barclaycard (UK)
>>     Birmingham Midshires (UK)
>>     Bradford & Bingley (UK)
>>     Cahoot (UK)
>>     Cater Allen (UK)
>>     CitiBank (UK)
>>     Clydesdale (UK)
>>     Co-operative Bank (UK)
>>     Coutts (UK)
>>     Coventry BS (UK)
>>     First Direct (UK)
>>     HM Revenue & Customs (UK)
>>     Intelligent Finance (UK)
>>     MBNA Europe (UK)
>>     Nationwide (UK)
>>     Norwich & Peterborough BS (UK)
>>     O2 (UK)
>>     Scottish Widows (UK)
>>     Smile (UK)
>>     Tesco (UK)
>>     Ulster Bank (UK)
>>     Woolwich (UK)
>>     Yorkshire Bank (UK)

>>

I have some of these on my list, some times listing more than one of
their domains,
eg rbs.com, rbs.co.uk, rbsdigital.com ,rbsdigital.co.uk . Some of these
I don't have accurate sending ranges for (not on senderbase) or my logs
show other hosts.
Cheers for the list though I'll update mine with any others I've missed.

Rgds
n